April 26, 2021 By Mike Elgan 3 min read

Home IoT device adoption has grown by leaps and bounds. It’s a time of connected gadgets everywhere, and with them, comes security risks.

McKinsey predicts the total number of IoT-connected devices will be 43 billion by 2023, with the vast majority being consumer devices.

Most of these new devices connect via home routers (another IoT device), 5G mobile broadband and satellite internet. These are new frontiers for threat actors, which means a new set of security concerns if you are not prepared.

Routers Can Be the Biggest Security Issue

The more devices connected at home, the bigger the attack surface.

One of the biggest unsolved problems is the point of access — the router that IoT, mobile and wearable devices often connect to. For one, these devices aren’t designed well enough or configured by the users properly. However, the real problem is that routers can still be breached and lead to compromise on the devices they connect.

Ever since the Mirai botnet distributed denial of service in 2016, in which a single person weaponized 400,000 IoT devices (including home routers), IoT breaches based on these seemingly harmless gadgets have been a concern. Since then, the number and kinds of attacks involving IoT security breaches have grown each year.  

Security Improvements?

A great many groups, both industry and federal, have published guidelines, recommendations and laws to address the manufacturing, provision and use of the IoT for better security. These include the European Union Agency for Cybersecurity’s (ENISA’s) recommendations, European Telecommunications Standards Institute (ETSI) standards, a California law that requires any IoT device sold in the state to offer reasonable security features (and a similar Oregon law), the IoT Security Foundation’s Best Practice Guidelines and others.

The latest is the IoT Cybersecurity Improvement Act, passed by Congress and now officially a public law. The new law requires IoT security as defined by the National Institute of Standards and Technology and sets standards for government purchases of IoT infrastructure.

To date, these standards are not consistent and overlap. They still place burdens on the user or entity for Iot security.

Emerging Solutions

So, how do you keep IoT security in mind over all those connected devices at home?

Built-In Security

While many device makers leave it up to consumers, consumers believe it should be built in. A Karamba Security survey found that 87% of consumers say that device makers, not users, should take the lead on making sure IoT devices are secure. New laws (California, Oregon and federal) focus on unique passwords and needs for the user to change authentication methods. These laws balance safety and convenience, and are not enough for enterprise use on their own.

Biometrics

Biometrics could standardize defense across devices. The mainstreaming of first fingerprint scanners and then face recognition in smartphones has gotten consumers used to this kind of interface. Scans can provide both defense and convenience. Behind the scenes, researchers have developed and nearly perfected a wide range of biometric solutions. From voice recognition to vein pattern scans to sensors tracking gait, they could help secure the future smart home.

Labeling

Another upcoming idea is the use of relevant labels on consumer devices, warning buyers about the risks of each product. This could affect product reviews and motivate creators to add better and easier security in consumer products.

How to Protect Yourself When Using Consumer Gadgets

There is no such thing as a one-button fix for IoT security threats to mobile and wearable devices for consumers. But, you can stay safe by following these best practices:

Buying IoT Devices

Choose products that emphasize digital safety. Key features to look for include how often firmware updates, data handling features, the option to turn off needless features and the option to limit access.

Using IoT Devices

  • Use multifactor authentication whenever possible.
  • Next, use biometric security whenever possible.
  • Always change the default passwords for every device you use. Use a password-management solution, and use a different strong password for every device. In addition, change passwords often.
  • Turn off devices completely when they’re not in active use.
  • Always keep devices updated with the latest firmware. Your router is the most important one to check.
  • Lastly, for mobile devices, including smartphones, turn on location services only for apps that truly need it.

Managing IoT Devices Across Your Network

  • Use three different Wi-Fi networks if possible — one for work devices, one for home computing devices and another for IoT devices. (Follow manufacturers’ instructions for segmenting networks.) This reduces the attack surface and makes it easier to track and contain breaches. 
  • Know your home routers’ features and access the admin panel only via Ethernet. Change the name of the network, disable remote access, turn on encryption and enable the router’s firewall feature.

In the era of the smart home, connected car and wearable computing device, we also see attacks plaguing consumers at a whole new level. With a mix of purchasing incentives, new tech and a new emphasis on defense by device makers, software companies and consumers alike, we can maximize consumer IoT safety going forward.

More from Mobile Security

Juice jacking: Is it a real issue or media hype?

4 min read - You get off a flight and realize your phone is almost out of battery, which will make getting an Uber at your destination a bit challenging. Then you see it — a public charging station at the next gate like a pot of gold at the end of the rainbow. As you run rom-com style to the USB port, you may briefly wonder if it’s actually safe from a cybersecurity perspective to plug in your phone. The answer is technically…

Third-party app stores could be a red flag for iOS security

4 min read - Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “gatekeepers” to restrict content on devices. While this is good news for app creators and end-users, there is a potential red flag: security. Here’s what the compliance-driven change means for…

A view into Web(View) attacks in Android

9 min read - James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today